Recurrent quantum embedding neural network and its application in vulnerability detection

In recent years, deep learning has been widely used in vulnerability detection with remarkable results. These studies often apply natural language processing (NLP) technologies due to the natural similarity between code and language. Since NLP usually consumes a lot of computing resources, its combination with quantum computing is becoming a valuable research direction. In this paper, we present a Recurrent Quantum Embedding Neural Network (RQENN) for vulnerability detection. It aims to reduce the memory consumption of classical models for vulnerability detection tasks and improve the performance of quantum natural language processing (QNLP) methods. We show that the performance of RQENN achieves the above goals. Compared with the classic model, the space complexity of each stage of its execution is exponentially reduced, and the number of parameters used and the number of bits consumed are significantly reduced. Compared with other QNLP methods, RQENN uses fewer qubit resources and achieves a 15.7% higher accuracy in vulnerability detection.


Background Vulnerability detection
Software vulnerabilities pose a serious threat to network security.Traditional vulnerability detection methods often rely on static analysis (e.g., vulnerability rules, symbolic execution) or dynamic analysis (e.g., fuzzing test, taint analysis) techniques.However, these methods have certain limitations 28 .Static analysis methods are often limited by the complexity of the code and have many false positives and false negatives.Dynamic analysis methods consume a lot of time due to the running of the program and are sensitive to test data.Therefore, they are difficult to meet the current complex and changing software security requirements.
In recent years, the excellent performance of deep learning on NLP tasks has inspired researchers to use neural networks to build automated vulnerability detection systems and achieved remarkable results.Vulnerability detection methods based on neural networks aim to extract high-dimensional features of the code through neural networks to make a judgment on the existence of vulnerabilities at the level of code slices, functions, or statements.These studies extract effective abstractions from raw code data by processing code as text 29,30 , extracting vulnerability function/API-related code slices (e.g., code gadgets) [31][32][33] , and extracting graph structural information such as PDG and AST of the code 11,[34][35][36] and other methods.They are converted into vectors for input to the neural network by further preprocessing.Similar to traditional NLP tasks, vulnerability detection also requires neural networks to be able to memorize sequential and semantic information about the code, because the context information of the code often contains the conditions for triggering the vulnerability.As a result, CNNs, RNNs, and some GNNs are frequently used 28,37,38 , and some large language models 1,39,40 migrated to code also come into play.
As a clear example, ref. 30 implements the first deep learning-based vulnerability detection system, proposing a code intermediate representation "code gadget".A code gadget is a collection of code statements that are semantically related to some manually defined vulnerability characteristics in a program (e.g., an API call).The code gadget extracted from source code is regarded as text, and each token is encoded into a word vector through word embedding then input into BLSTM network to capture the sequence information of the code.Eventually the trained model will make a detection of whether the code contains vulnerabilities.

QNLP technology
In recent years, the size of classical NLP models has been increasing, with neural networks reaching even hundreds of billions of parameters 12,13 .The strong performance of classical NLP models often means complex models and huge memory consumption, and there seems to be an irreconcilable contradiction between model performance and memory consumption, which hinders their further application in vulnerability detection.The reason for the huge memory consumption of these models is that these models suffer from dimensionality catastrophe when dealing with high-dimensional, complex data.When the dimensionality of the data increases, the required computational resources and storage space increase dramatically.At the same time, a large number of parameters of the model are involved in the forward propagation, and the calculated hidden layer variables continue to accumulate, resulting in rapid memory consumption.
In order to reduce the computing cost of current NLP methods, some studies combine QNN with NLP to take advantage of the huge benefits of quantum computing in information storage and parallel acceleration, which is called quantum natural language processing (QNLP) 26,[41][42][43] .Reference 26 encodes words and phrases into quantum states and processes based on the DisCoCat model and implements it using variational quantum circuits (VQC).The core of the approach is to consider DisCoCat as a tensor network model of natural language meanings, which can be represented as string diagrams and further transformed into quantum circuits.This method has been proven to have certain advantages in theory 25,41 , so the DisCoCat model became a common theoretical framework for almost all QNLP methods.But it has only been tested on very small datasets 43-45 and has not yet been applied to real-world tasks.In addition, some QNNs for processing sequence data have been proposed, such as RQNN 24 .However, they cannot be useful for specific tasks related to text or language, because QNN is unable to obtain quantum word embeddings from textual information as efficiently as classical models using a combination of one-hot and word embedding methods.There are also methods based on the classical network structure (e.g., QLSTM [45][46][47] ), which perform NLP tasks by replacing weight parameters with VQCs, and this hybrid quantum-classical network structure is also considered as a QNLP model in a broader sense.The proposed methods have promoted the development of QNLP, but they are still far from practical application.The results on small tests 27 show that the exploration of QNLP technology is still full of challenges.

Methods
In this section, we first introduce the composition and principles of the important components of RQENN including the trainable encoding method based on parameterized binary index and recurrent cell.Then we introduce the RQENN-based classification model.Finally, we present the task flow of applying RQENN classification model to vulnerability detection.

Trainable encoding method
Classical neural network models for processing NLP tasks first need to tokenize the text and build a word dictionary, according to which the text is converted into a digital index sequence of words.Each digital index corresponds to a one-hot vector, which are transformed into dense vectors by word embedding methods involved in the network training to obtain a more accurate vector representation.However, similar methods migrated to QNN do not work.Specifically, in the classical model, the one-hot vectors are sparse and orthogonal, which means that when word embedding is performed, each word gets only some of the weights from the embedding weight matrix W as the representation vector.This process can be viewed as using the one-hot vector as the key to query the corresponding value in the weight map W , as shown in Fig. 1a.Thus, in the case of random ini- tialization of weights, the initial representation vectors of all words are uncorrelated, and they establish lexical connections as the training process proceeds.However, in the quantum model, due to the properties of quantum superposition and entanglement, the quantum state obtained from encoded words (e.g., |ψ 1 � in Fig. 1b) is difficult to be sparse and orthogonal as the classical one-hot vectors.This implies that the initially encoded quantum state of each word has some kind of connection, and the use of this quantum state as the "key" inevitably leads to the "value" obtained from the query being related to all the elements in the unitary matrix, which contains various non-semantic connections.The use of this quantum state as the "key" inevitably leads to a query that yields a "value" that is related to all the elements of the Missy's orthogonal weight matrix, and the results obtained contain various non-semantic connections.This prevents QNN from learning the semantics of words through the quantum embedding method.
To address this problem, we propose a trainable encoding method based on parameterized binary index to encode code tokens as quantum state data and efficiently learn the semantics of the tokens.The specific steps are as follows: Step I: Tokenize source code into tokens to create a dictionary and then tokens are mapped to numeric indexes.
Step II: Convert the numeric indexes from decimal to binary representation.For a dictionary containing N words, an index is represented by an n = ⌈log 2 N⌉ bits binary numbers.
Step IV: Encode parameterized binary index using n = ⌈log 2 N⌉ qubits.Each bit of the input is encoded to the corresponding qubit through an Ry rotation gate.Step V: Add a trainable layer containing parameters to the quantum circuit as a quantum embedding (QEmbedding) implementation.
The Ry rotation input layer and the QEmbedding layer in the above steps together form the trainable encoding layer.
As a simple example, for the following source code training set: we can build such a dictionary to map all code tokens to numeric indexes: These numeric indexes are further converted to parameterized binary indexes: Next, we determine the angles of the Ry gates and construct the quantum circuit based on the parameterized binary index of the word to be encoded.Taking encoding token 'NULL' as an example, as shown in Fig. 1b, its corresponding indexes θ 1 θ 0 are encoded bit-by-bit to a circuit with 2 qubits as the Ry gates' angles.Then a QEmbedding layer is further added to jointly form the quantum trainable encoding circuits.
As Eqs. (1-3) shown below.|ψ 0 � is the initial state.The quantum circuit encodes the index θ 1 θ 0 into the quantum state |ψ 1 � by rotation input layer.It is a 2 n -dimensional vector.It has N different cases, corresponding to N possible combinations of the input rotation layer parameters.The parameters " θ 0 " and " θ 1 " are involved in the training process of QNN to eliminate possible inherent connections, so that |ψ 1 � has the same function as the classic one-hot vector.The one-hot vector is a form transformed by symbols that is easy to use by the classic network model, and the obtained |ψ 1 � is a form transformed by symbols that is easy to use by QNN.This is the unique aspect of trainable encoding based on parameterized binary index and the key to improving model performance.Next, |ψ 1 � learns lexical connections between encoded words through a trainable QEmbedding layer U qe (θ qe ) , which is similar to the classic word embedding principle.The obtained quantum state |ψ 2 � is described in Eq. ( 3), where † .At this point, the 2 n -dimensional dense vectors corresponding to |ψ 2 � are the representations of the words, except that the words are converted from indexes to quantum-friendly quantum state representations instead of classical vector representations.
Compared with the trainable encoding method based on parameterized binary index, if the binary index obtained in Step II is used for encoding, the fixed angle of the rotation gate (0 or 1) will result in constant nonlexical connections between |ψ 1 � of different words.These connections are brought into training process of the quantum word embedding layer, possibly affecting the normal learning of lexical connections of the code tokens.In fact, it can also make the N quantum states |ψ 1 � orthogonal to each other like classical one-hot vectors by choosing a suitable fixed angle of the rotation gate, this method is called the "orthogonal method".It determines the specific angles " θ 0 " and " θ 1 " to be used for replacing the binary "0" and "1" before training.By respectively applying N different rotation layers with angles " θ 0 " and " θ 1 " on N independent quantum circuits, we can obtain N quantum states.We use the gradient descent algorithm to minimize the sum of the absolute values of the two-by-two inner products of these N quantum states under random initialization of the quantum initial states.This approach references the property of mutual orthogonality between one-hot vectors, which ultimately yields θ 0 = − π 2 and θ 1 = π 2 , and encoding using this value will make |ψ 1 � as orthogonal as possible for different tokens.But there are also differences between QEmbedding and classical embedding.Each element of the weight matrix in classical embedding is a trainable parameter, while QEmbedding only controls the changes of the matrix through a small number of parameter-containing unitary gates.It cannot be proved that the always orthogonal |ψ 1 � is more helpful for learning |ψ 2 � .Therefore, in this paper, we add " θ 0 " and " θ 1 " as trainable parameters to the learning process of RQENN, which is the reason for using parameterized binary indexes in Step III.We will show in the Results section the performance of the model when using trainable encoding based on binary index, orthogonality method, and parameterized binary index as data inputs, further demonstrating the effectiveness of the proposed methods.

RQENN cell
The trainable encoding method defined in the above section is a crucial component in the construction of our recurrent quantum embedding neural network cell.Much like classical RNNs, we define such a cell that will be successively applied to the input presented to the network for capturing contextual connections in the code.More specifically, the cell is comprised of a trainable encoding stage and a working stage, which are used to learn the semantics of input tokens and memorize contextual dependencies, respectively.This cell is applied iteratively in www.nature.com/scientificreports/RQENN, and its internal state is passed on to the next iteration of the network.RQENN cells at all time steps share the same trainable parameters.Figure 2 illustrates the RQENN cell, which learns the quantum word embedding of the current time step input x t = (x t 0 , ..., x t n ) in the encoding stage and combines it with the cell input hidden state |ψ t−1 � in the work stage to learn the mapping relation from this combined state to the cell output hidden state |ψ t � .The equation for this process is as follow: where U in , U qe and U qnn denote the unitary matrix of the rotation input layer, QEmbedding layer and quantum weight (QWeight) layer, respectively.
The encoding stage uses the trainable encoding method described above.In the rotation input layer, an Ry gate is applied on the ith qubit to rotate the angle to the ith value of the parameterized binary index.In the QEmbedding layer, a m layer ansatz composed of alternate rotation layer and entanglement layer is used to learn the quantum word embedding representation.Each layer of the ansatz consists of 2 rotation layers and 2 entanglement layers consisting of staggered entanglements between adjacent qubits.In the working stage, a n layer one- dimensional alternating layered Hardware Efficient Ansatz 48,49 was used to build the QWeight layer.This ansatz is implemented by sequentially applying a two-qubit unitary to adjacent qubits.Each two-qubit unitary entangles the last qubit obtained from a previous unitary with the next one.The unique recurrent circuit cell architecture with scalable layer in multi-stage is the key to improving model performance.This two-qubit unitary consists of two Ry gates and a Cnot gate that have been proven effective 50 , and its unitary transformation is described by Eq. ( 5).We show below the specific implementations of the different network layers by equations.Equation (6) shows the unitary transformation of the rotation input layer, where t ∈ {1, ..., T} represents the time step.A token is input into the network at each time step, and T is set as the total code length.Equations (7, 8) and Eq. ( 9) are the unitary transformations of the QEmbedding layer and QWeight layer respectively.

Classification model
We use RQENN cell to build classifiers applied to vulnerability detection.Similar to RNN, RQENN initializes the hidden state at t = 0 by adding a layer of Hadamard gates initially, and then the RQENN cell is iteratively applied to a sequence of the input source code x 1 , x 2 , ..., x T as shown in Fig. 3 to capture the contextual connections in (4) 1,n−2 θ 1,n−2 . . .U [2] 1,0 θ 1,0 U [2] 0,n−2 θ 0,n−2 . . .U [2] 0,0 θ 0,0 where U QC (X, ) = U cell (x 1 , )...U cell (x T , ) is the a quantum circuit composed of all cells, and is the parameter set of the cell, and X = [x 1 , . . ., x T ] is the input index sequence.M i is the operator used to calculate the expectation of the ith qubit, i.e.
The two calculated expectation values are used to determine the data category by comparing the numerical magnitudes, and we use them as logits to calculate the cross-entropy loss function for classification.

Task flow
The goal of our vulnerability detection is to detect whether a program's source code may contain vulnerabilities using the RQENN classifier.In this paper, we perform the vulnerability detection task using the pipeline shown in Fig. 4, which consists of the following three steps: Step I: Generating normalized code gadgets and labels from source code.First, we extract the data dependency graph (DDG) of the code using the open source code analysis tool Joern.Next, we extract labeled code gadgets based on manually defined vulnerability features.Specifically, we locate the node containing the vulnerable library function/API call in the extracted DDG, such as the "strcat" function shown in left side of Fig. 4, and slice the code into small pieces according to the connection to the node.The types of API calls are categorized into forward (e.g., the "recv" function) and backward API calls (e.g., the "strcat" function here) according to whether or not they take external input from a socket, and forward slices and backward slices are generated accordingly.The forward slices obtain the set of statements of the nodes in the DDG that are recursively pointed forward from the API node, and the backward slices obtain the set of statements of the nodes in the DDG that are recursively pointed to the API node.These slices are code gadgets, which are labeled '0' or '1' depending on whether they contain vulnerabilities or not.In the next step we normalized the code gadget.The processing methods include  removing comments and strings, normalizing user-defined variable names ('VAR1' etc.) and function names ('FUN1' etc.).Finally, the normalized labeled code gadget is obtained.
Step II: The normalized labeled code gadgets are treated as text data from which parameterized binary index sequences are generated.First, we preprocess the data set, clean the original text, remove punctuation marks and non-ascii characters, etc.Then we split and pad the preprocessed text and build a dictionary, which is converted into a parameterized binary index dictionary according to the method mentioned before.Finally, the token sequences after tokenization are converted into parameterized binary index sequences according to the dictionary.
Step III: Training and evaluating RQENN Models.We input the sequence of parameterized binary indexes into the RQENN model in order, execute the quantum circuit on the simulator or a real machine, and complete the training and validation of the RQENN model according to the quantum circuit learning framework 18 .The model can detect the presence of vulnerabilities in the source code.

Dataset description
There is a public dataset we use for vulnerability detection.This dataset is collected from the NVD and SARD vulnerability repositories and provided by Li et al. 31 .It contains C/C++ source codes containing two types of vulnerabilities, buffer overflow and resource management vulnerabilities, as well as source codes that does not contain vulnerabilities.It is used to evaluate the ability of vulnerability detection tools for detecting the presence of vulnerabilities in code.We generated code gadgets from this dataset, and independently selected 1000 data respectively in six intervals ranging from 40 to 100, with the interval length being 10.The number of different categories of data is balanced for each interval.They are used to evaluate the performance of RQENN.Where the average tokens length and maximum length of all 5000 data are 64 and 90 respectively.The number of data with different labels in each interval is balanced.They are used to evaluate the performance of RQENN.Among them, the average token length and maximum length of all 5000 data are 69 and 100 respectively.

Simulation setup
Our simulations use mindspore as the neural network framework in the Ubuntu environment, and use mindquantum to simulate quantum circuits.All implementations are based on Python language.
We use a fivefold cross-validation method to partition the dataset and test the performance of the model.The size of the dictionary is set to 128, so we use 7 qubits to construct the circuit of RQENN.The time step T is set to the longest length of the token sequence in the selected interval, and the token sequences are padded to the uniform length to support batch processing.We set the training batch size to 64 and the maximum epoch to 10.We use the cross-entropy loss function and the Adam optimizer with a learning rate of 0.01 for training.We use accuracy as the metric to evaluate the model performance.All simulations are performed on a server with an 8-core 3.60 GHz Intel(R) Core(TM) i7-7820X CPU and TITAN RTX GPU.

Research questions and results
Our simulations are designed to study the following Research Questions (RQ): RQ1 How does the composition of RQENN affect the model's performance in vulnerability detection tasks?
We conducted two ablation experiments on the full dataset using a fivefold cross-validation approach to explore the effect of the composition of RQENN on the model performance, with T = 100 in both simulations.In the first simulation, we conduct an ablation experiment for the number of network layers.We test the effect of using different numbers of QEmbedding and QWeight layers on the performance of the RQENN model in the vulnerability detection task, respectively.Figure 5 shows a heatmap of the median of the best test accuracy for models using m QEmbedding layers and n QWeight layers in the five-fold cross-validation of vulnerability detection task.
The simulation results show that the best median test accuracy of the model tends to increase in general as m and n increase.When m = 4 and n = 4 , the best median test accuracy of the model reaches the highest 87.4%.In some cases, even if the number of layers increases, the accuracy decreases.For example, the best median accuracy of RQENN with m = 6 and n = 6 is lower than that of RQENN with m = 3 and n = 3 .This suggests that the reason that affects the performance of the model is not only that models with different numbers of layers have different numbers of trainable parameters, but also that different numbers of QEmbedding and QWeight layers themselves have different representational capabilities, which directly affect the size of the solution space of the model, thus leading to different best accuracies.
In the second simulation, we perform ablation experiment for the encoding method.We train the model using original binary index data, data generated by the orthogonality method, and parameterized binary index data inputs, respectively, to study the improvement of RQENN ( m = 4 and n = 4 ) by using trainable encoding method.where the orthogonality method fixes the parameters of the parameterized binary index to θ 0 = − π 2 and θ 1 = π 2 .We plot boxplots of the best test accuracy in five-fold cross-validation for models using different data inputs in Fig. 6.
The simulation results show that the median of best test accuracy of the model using the orthogonal method is 77.8%, which is 2.4% higher than the 80.2% of the model using binary index.This shows that using the fixed angles for rotation gates obtained by the orthogonality method ( θ 0 = − π 2 and θ 1 = π 2 .)instead of the angles ( θ 0 = 0 and θ 1 = 1 ) from the original data reduces the effect of the constant non-lexical connections between |ψ 1 � of different words on the model's ability to learn the meaning of code tokens to some extent.It makes RQENN perform better.And the median of the best test accuracy of the model using parameterized binary index data reached 87.4%, which improved the RQENN by 9.6% compared to the original binary index data.This proves the effectiveness of parameterized binary index.The two angles used in the rotation gates participate in the training process of the model, allowing |ψ 2 � obtained by the quantum word embedding to better represent the meaning of the code.
In summary, the number of QEmbedding and QWeight layers of RQENN and the encoding method affect the performance of the model in vulnerability detection.Within a certain range, the accuracy of the model tends to increase with increasing number of layers and reaches its best at m = 4 and n = 4 .Using trainable encoding based on parameterized binary indexes is a crucial factor in improving model performance.

RQ2 What are the advantages and limitations of RQENN compared with classical models in vulnerability detection tasks?
In this research problem, we compare the performance of RQENN and the classical RNN model on the vulnerability detection task and analyze the differences in memory consumption between the two in order to explore the advantages and limitations of RQENN over the classical model.In this process, RQENN uses the best performing layers ( m = 4 and n = 4 ) from the previous section.As a comparison, the classical RNN network and RQENN perform training with the same settings for all hyperparameters and use the same dictionary.The word embedding dimension and hidden dimension of RNN are both set to 128, which is the same as the vector dimension represented by the quantum state in RQENN.Figure 8 illustrates the median of best test accuracy of both models in different intervals.The results show that as T increases, RQENN outperforms RNN in intervals of T ≤ 80(�r = 10) .And in the interval of T ≥ 90(�r = 10) , RNN performed better.This shows that RQENN has better vulnerability detection capabilities on shorter code lengths, and is worse than RNN on longer code.In addition, the test accuracies of RQENN in intervals with smaller size of r = 10 are all higher than the test accuracy of r = 50 in RQ1, which indicates that data padding also affects the model performance to some extent.
For the differences in memory consumption of the models, due to the fundamentally different computational systems on which they are based, we estimate and compare their memory consumption from multiple perspectives of the equivalent classical information dimension processed and the space complexity at each stage of the model's execution, the number of parameters, and the bit/qubit consumption.
First, we compare the equivalent classical information dimension processed and the space complexity at each stage of the models' execution.As shown in Table 1, the equivalent classical information dimension processed at different execution stages of the two models is the same, but the space complexity is different.At the stage of building dictionary, building a dictionary containing N words requires O(N ) space for RNN, while RQENN requires only O(log 2 N ).At the inputting stage, for a code sequence of T tokens where the dimension of each token vector is N , the equivalent classical information dimension processed by the models is N × T , the space complexity of RNN is O(N × T ), while that of RQENN is only O(log 2 N × T ).At the stage of embedding word vectors and getting hidden states, the equivalent classical information dimensions carried by the embedding vectors and hidden states are d and h , respectively, and the space complexity of RNN is O(d ) and O(h ), respectively, while the space complexity of RQENN is O(log 2 d ) and O (log 2 h) , respectively.Therefore, the space complexity of RQENN is exponentially reduced compared to the classical model at different stages of the model.
Second, we compare the number of parameters of the two models.In classical neural networks, the number of parameters directly determines the memory consumption.The RNN model is set up to have the same word embedding and hidden dimensions as RQENN, but they have a vastly different number of trainable parameters.The weight tensor of h × h dimension in classical RNN can be represented in RQENN using the unitary operator which only contains a small number of trainable parameters.Table 2 demonstrates the number of trainable parameters for both models.
The parameters of RNN contain three parts: word embedding, recurrent cell, and output dense layer.It contains a total of 49,666 trainable parameters.The parameters of RQENN contain three parts: input rotation layer, QEmbedding layer, and QWeight layer (recurrent cell), which contain a total of 106 trainable parameters.The number of parameters of the word embedding and recurrent cell used in RNN is 16,384 and 33,024, respectively, while the corresponding number of parameters of the RQENN part is 56 and 48, respectively.Therefore, the number of parameters used in the vulnerability detection model based on RQENN is reduced dramatically compared to the classical model (only 0.21%).
Lastly, we compare the models in terms of the number of classical or quantum bits required.Each parameter of type float 32 in the RNN model occupies 32 classical bits.Thus RNN needs to occupy 1,585,216 classical bits for inference computation.Whereas the RQENN model uses only 7 qubits for inference computation.Although classical bits and qubits are fundamentally different, this comparison also reflects to some extent the huge difference in memory consumption between the two models.
In summary, compared to the classical model, the advantages of the RQENN-based vulnerability detection model are: the RQENN model has a significant advantage in memory consumption, the space complexity at its each execution stage is exponentially reduced, the number of parameters used and the number of bits consumed are substantially less than the classical model.The limitations of the RQENN-based vulnerability detection model are: the RQENN model is slightly less accurate than the classical RNN, and its vulnerability detection performance is more sensitive to the code length compared to RNN, its detection performance on long code is worse than that of RNN.RQ3 Compared with other QNLP models, does RQENN have more advantages in vulnerability detection tasks?
We conducted extensive simulations on different intervals of the dataset.In addition to the DisCoCat model, we also consider the QLSTM model.Their specific implementation is as follows: • DisCoCat.We use the lambeq 51 open source framework to implement DisCoCat diagram for testing.This method adopts a categorical distributional compositional model to construct quantum circuit for language modeling.First, the grammatical reduction of a sentence is interpreted as a diagram that extracts sentence semantics by encoding specific interactions of words according to the grammar.The sentence diagram is then rewritten to simplify the diagram and optimize the use of quantum resources.Finally, depending on the particular parameterization scheme and the specific choice of ansätze, the generated diagrams are converted into specific quantum circuits.• QLSTM.We implement the QLSTM model proposed in ref. 47 and test it.The implementation method is to use variational quantum circuits to replace the trainable parameters in the classic LSTM Cell.Each cell requires 6 VQCs.QLSTM uses classical activation functions.It inputs classical data into VQCs during training, measures the internal state and returns it to classical, and cycles this process between different VQCs.
In order to enable QLSTM to perform vulnerability detection tasks, we use a classic embedding layer to obtain the vector representation of words to input into QLSTM, and we add a classic dense layer and a batch normalization layer for post-processing.The word embedding dimension is 128, all VQCs use 7 qubits, and the data is input into VQCs using classical dense layer dimensionality reduction.
We test the detection ability of the three QNLP models on code sets with different length intervals, and the median of the best test accuracy obtained from the five-fold cross-validation are shown in Table 3. Due to the limitation of the simulator's memory, it is hard to simulate enough qubits for DisCoCat diagrams.The DisCoCat model can only perform classification tasks of T = 20 at most.Therefore, we additionally selected 100 and 250 data in the T = 10(�r = 10) and T = 20(�r = 10) data intervals for testing, respectively.The results show that RQENN outperforms DisCoCat and QLSTM in almost all length intervals.All three QNLP models perform well in the detection task in the shortest two length intervals.In the detection task at longer lengths, RQENN shows better accuracy compared to QLSTM.In the task of complete dataset of length interval ranging from 40 to 100, RQENN has a 15.7% higher accuracy than QLSTM, which shows that data padding has less impact on RQENN and the model has better stability.These results show that RQENN is more efficient compared to other existing QNLP methods, and its performance advantage comes from (a) the trainable encoding method based on parameterized binary index substantially enhances the semantic understanding of the model, making it possible to learn code data using a recurrent structure on quantum circuits, and (b) the recurrent structure of RQENN endows the model with a stronger long-term memory capability.
Therefore, our proposed RQENN has better performance and stability on the vulnerability detection task compared to other QNLP models.In addition, RQENN uses fewer qubits than DisCoCat.DisCoCat requires an average of 12.8 and 23.4 qubits on the T = 10(�r = 10) and T = 20(�r = 10) datasets respectively (varying among sentences), while the number of qubits used by RQENN is only 7. RQENN performs fewer VQCs and measurement operations than QLSTM.One forward propagation of QLSTM requires executing multiple different VQCs, measuring all qubits, and transferring information between classical and quantum, which leads to inefficiency.While RQENN only needs to perform one VQC and measurements on two qubits to complete the task.

Discussion
In this work, we propose a trainable encoding method based on parameterized binary index.On this basis, we construct a recurrent quantum embedding neural network model for vulnerability detection.Simulations and analysis show that the memory consumption of RQENN is significantly lower compared to the classical model, and RQENN consumes fewer qubit resources and has higher accuracy compared to other QNLP methods.The ablation experiments reveal that using trainable encoding based on parameterized binary index is a crucial factor in improving model performance.Also, the number of QEmbedding and QWeight layers affects the performance of the model in vulnerability detection.These results suggest that RQENN solves to a certain extent the problems of (a) high memory consumption of classical models, (b) difficulty of QNN in handling natural language and (c) poor performance of existing QNLP methods in vulnerability detection.RQENN achieves our preset goals.
However, our work still has some limitations.First, RQENN itself has limitations.This is manifested in (a) RQENN's accuracy in vulnerability detection tasks is slightly lower than that of classical RNN, and this gap is further widened when compared to more advanced methods.For example, the best performance of LSTM in terms of average test accuracy in five-fold cross-validation is 89.7%, and BERT reaches 92.0% (although RQENN still leads in memory consumption).(b) RQENN vulnerability detection performance is more sensitive to code Table 3.The median of best test accuracy of three QNLP models on data of different length intervals.Therefore, RQENN needs to be further improved.First, the trainable encoding method and the structure of RQENN need to be further improved to enhance its semantic comprehension and long-term memory.Second, the circuit depth of RQENN needs to be reduced to increase its scalability.This can be achieved, for example, by encoding multiple consecutive tokens within a single recurrent cell.Finally, to enhance the stability and reliability of the model on real quantum hardware, RQENN needs to be run in quantum hardware with high fidelity to reduce the accumulated noise.A small amount of noise can instead enhance the generalization ability of the model.This approach has realizability for RQENN since it uses only 7 qubits.
In addition, task-related research should be carried out further.First, in the vulnerability detection task, since the real-world has much less vulnerable code than normal one, the impact of dataset imbalance on RQENN needs to be further explored, and strategies such as data augmentation, cost-sensitive learning, sampling and integration learning need to be adopted to ensure the generalization of the results.Second, in order to have a more comprehensive understanding of the performance of RQENN, we need to conduct in-depth studies and detailed analysis of its application in various QNLP tasks on more datasets.We will embark on the above studies in the next step of our work.
In summary, our work expands new approaches of quantum computing for cyber security and natural language processing, and validates new applications of quantum computing in cyber security.We open up a new direction of QNLP technology that is different from the DisCoCat diagram model, and demonstrate the possibility of applying QNLP technology with quantum advantages to real-world tasks.We hope this work can inspire further research on QNLP technologies as well as their real-world applications 41 .

Figure 1 .
Figure 1.(a) The process of token 'NULL' being encoded into a quantum circuit.The |ψ 1 � obtained after rotation input layer is treated as a quantum one-hot vector.It further applies QEmbedding to obtain |ψ 2 � which can be treated as a quantum dense vector used as token representation.(b) Classical word embedding computation process.The one-hot vector is treated as a key to query value in the map of weights.

Figure 2 .
Figure 2. Recurrent quantum embedding neural network cell.It consists of a trainable encoding stage and a QNN work stage, where the principle of the encoding stage is as described in the above section.It transforms the internal state in into the state out at each time step and iterates this process.

Figure 3 .
Figure 3. RQENN classifier.The model is built by iteratively applying the same RQENN cell to the input code token sequence.Measurements are performed on the last two qubits separately to obtain the expectation values as classification logits.

Figure 4 .
Figure 4. Vulnerability detection task flow.We extract normalized labeled code gadgets from the source code as training data and then generate parameterized binary indexes from them, which are fed into the RQENN classifier.After training, the model can detect the presence of vulnerabilities in the source code.

Figure 5 .
Figure 5. Heatmap of the median of the best test accuracy of the model using m QEmbedding layers and n QWeight layers.
RNN, with worse detection performance on long code than RNN.Second, RQENN's learning process is based on the Quantum Circuit Learning (QCL) paradigm18 , which causes it to suffer from similar difficulties as other QNNs employing this paradigm.This is demonstrated by the fact that (a) the QCL learning paradigm is unable to utilize quantum parallelism to process multiple examples at the same time, and thus the training time remains linearly increasing with the amount of data.(b) The performance of QCL-based QNN models is affected by the noise of the quantum hardware.While QNNs are inherently noise tolerant, the effect of noise accumulates as the VQC scale (or quantum volume) increases.Considering the circuit depth of RQENN, the impact of noise is undoubtedly significant, which directly weakens the stability and reliability of vulnerability detection results.(c) Limited by the quantum volume of the quantum hardware, the current QCL-based QNN model has a limitation on the number of qubits and depth of the circuit.RQENN has a deep circuit although it uses a sufficiently small number of qubits.This means that RQENN is only likely to be able to execute small examples on current quantum machines, with limited scalability for larger codebases.

Table 1 .
For the performance of the models in the vulnerability detection task, we first conduct simulation on the full dataset, and the results in Fig.7show the average training loss and test accuracy changes of RQENN and RNN for 10 epochs of training in a five-fold cross-validation.The simulation results show that the two models demonstrate similar convergence speeds during training, with the RNN having a slightly lower training loss.On the test dataset, RQENN achieves a best test accuracy of 85.4%, which is slightly lower than RNN's 86.1%.Next, we test two models separately in datasets with different length intervals to investigate the effect of code length variations on model performance.The normalized code gadgets are divided into intervals from length Average training loss and average test accuracy changes of RQENN and RNN during training.We train on the full dataset with a batch size of 64, using the Adam optimizer.We plot the training loss over 630 iterations and the validation accuracy over 10 epochs.The median of the best test accuracy of RQENN and RNN in different length intervals.Both models are trained for 10 epochs on each interval.Classical information amount and space complexity of the two models at each stage of execution.

Table 2 .
Comparison of the number of trainable parameters for two models used in vulnerability detection.